SSL Certificates: How To Select The Right SSL Certificate For Your Online Store
November 9th, 2007
If you own an online store or shopping cart and you transmit personal information from your customers, you need to encrypt that information using an SSL certificate. But there are so many choices, varying wildly in cost, that it's hard for an online store owner to know which one to choose.
First, it’s important to understand what an SSL certificate does. SSL certificates have two main purposes: 1. to encrypt the data flowing between the customer’s browser and the server (128 bit encryption is recommended for ecommerce), and 2. to identify the online store. SSL certificates have varying levels of owner authentication (less expensive ones can be done online, others require a phone call, others require more formal business documentation). SSL certificates also vary in the warranty they provide you and your customers against loss. SSL certificates have a third, non-technical purpose, which is to convey a level of trust and security to increase shopper confidence in your online store. (Here’s an excellent article by VeriSign on SSL and buyer confidence.)
I’ll list just two of the SSL certificates that I’m familiar with and that my hosting company, who I do trust, is familiar with. (Read about what my hosting company, DreamHost, says about SSL certificates.) If you are not using DreamHost, then you may be able to purchase an SSL directly from your hosting company - but ask them who they are really using (for example, when I asked Aplus.net, they said their SSL certificates are actually Comodo).
GeoTrust and VeriSign SSL Certificates
GeoTrust and VeriSign are classified as “expensive” and “very expensive” by DreamHost. GeoTrust 256 bit SSL certificates run from $249 - $1499 per year (go here to see a comparison chart of GeoTrust SSL Certificates). VeriSign SSL 128 bit certificates run from $999 - $1499 per year (go here to use the VeriSign SSL Selection wizard or here to see a comparison chart for VeriSign SSL Certificates). Note the different methods of authentication, different warranties, and different website seals. Both GeoTrust and VeriSign are widely known and respected and GeoTrust is the “recommended” SSL certificate by DreamHost.
GoDaddy is classified as “very cheap” by DreamHost. GoDaddy SSL certificates run from $19 - $499 per year (go here to see a comparison chart of GoDaddy SSL Certificates - click on “certificate features” tab at the bottom). Note the warranty, verification process, and site seals.
Which Is Best For My Online Store?
Let’s look at some of the differences between two extremes of cost: GeoTrust and GoDaddy SSL certificates.
That little padlock icon or “https”: Generally speaking, all SSL certificates will make your customer’s browser have that little padlock icon that tells them they’re on a secure site and change the URL to “https”. But not all SSL certificates are compatible with all browsers. Both GeoTrust and GoDaddy claim to be compatible with 99% of all modern browsers. Check your SSL’s claim to browser compatibility to make sure your customers get that little padlock icon.
SSL Warranty: GoDaddy’s current SSL warranty is $2000, while GeoTrust warranties run from $10,000 to $250,000. Obviously, the bigger warranty is better, because if someone manages to steal your customer’s credit card info, that could run up quite a big bill. Here’s a link to GeoTrust’s legal documents - the SSL warranty details are at the bottom under “Protection Plan”. However, if you’re using PayPal Website Payments Standard to process your payments, this means that you are only sending customer name/address info, and so your risk should be lower than if you were using PayPal Website Payments Pro and sending the credit card info. Assess your own risk and what you can afford, just like when you buy insurance.
SSL Site Seal: Site Seals are intended to inspire buyer confidence in your online store. Obviously a GeoTrust seal is going to inspire more confidence than a GoDaddy seal, but this is hard to quantify. Some seals actually show your store’s authenticated name, others give pop-up boxes with other authentication info. Many of my clients who purchase GeoTrust display their seals on every page of their online stores, while many of my clients who purchase GoDaddy SSLs choose NOT to display the GoDaddy seals. Notice who does and who doesn’t display an SSL seal as you do your online shopping. Even Charles Schwab displays their VeriSign SSL seal on their client login page.
Bottom line:
Since DreamHost is my hosting company, and I trust them, I’d feel ok using any of the SSL companies they have listed on their SSL page and if I had an online store, would use their recommendation and pick GeoTrust. If your hosting company offers SSL certificates, find out who the real SSL is issued by, and look into their reputation. Think about whether you’re going to be transmitting really sensitive data (credit card info) or less sensitive information (names, addresses) and buy the very best SSL your budget can afford to protect your business and your customers.
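The issuer behind a hosting company's certificate is recorded in the certificate itself, so it can be read rather than asked for. The following is an added example, not part of the original post: it summarises the issuer and estimates the level of owner authentication from the dict that Python's `ssl.SSLSocket.getpeercert()` returns. The sample certificates and all names in them are constructed, and the validation level (using the industry terms domain, organization and extended validation) is a heuristic based on which subject fields are present.

```python
import socket
import ssl

def _names(rdns):
    """Flatten getpeercert()'s nested name tuples into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def describe_cert(cert):
    """Summarise issuer and identity level from a getpeercert() dict (heuristic)."""
    subject = _names(cert.get("subject", ()))
    issuer = _names(cert.get("issuer", ()))
    if "businessCategory" in subject and "serialNumber" in subject:
        level = "extended"      # formal business documentation was checked
    elif "organizationName" in subject:
        level = "organization"  # the business identity appears in the certificate
    else:
        level = "domain"        # only control of the domain was checked
    return {
        "site": subject.get("commonName"),
        "issued_by": issuer.get("organizationName") or issuer.get("commonName"),
        "validation": level,
        "expires": cert.get("notAfter"),
    }

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live server's verified certificate (needs network access)."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in getpeercert() format; every name is a placeholder.
ISSUER = ((("countryName", "US"),),
          (("organizationName", "Example Issuing CA Ltd"),),
          (("commonName", "Example Secure Server CA"),))
SAMPLE_CHEAP = {"subject": ((("commonName", "shop.example.com"),),),
                "issuer": ISSUER, "notAfter": "Nov  9 12:00:00 2030 GMT"}
SAMPLE_VETTED = {"subject": ((("businessCategory", "Private Organization"),),
                             (("serialNumber", "0000000"),),
                             (("organizationName", "Example Store Inc"),),
                             (("commonName", "store.example.com"),)),
                 "issuer": ISSUER, "notAfter": "Nov  9 12:00:00 2030 GMT"}

if __name__ == "__main__":
    for sample in (SAMPLE_CHEAP, SAMPLE_VETTED):
        print(describe_cert(sample))
```

For a real store, pass `fetch_cert("your-store-hostname")` to `describe_cert` and compare `issued_by` with the brand named on the reseller's order page.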
UPDATE: 3/4/08
DreamHost is now offering GeoTrust certificates! If you’re a DreamHost customer, this greatly simplifies the SSL set-up process, and as previously mentioned, GeoTrust is a very respected SSL company.
(GeoTrust, VeriSign, GoDaddy, DreamHost and PayPal are all registered trademarks of each of those companies, respectively.)
Jill
J. Olkoski
Aldebaran Web Design, Seattle
Jill Olkoski has a BS in Engineering, a BS in Computer Science and an MA in Clinical Psychology. She delights in using her advanced technical, psychological and interpersonal skills to help small business owners develop cost-effective and successful websites.








May 13th, 2009 at 11:14 pm
I’m now choosing the right SSL provider for my company’s Exchange 2007 Server, purpose only for Webmail and the Pushmail, so I think Godaddy is already good enough, right?
May 14th, 2009 at 9:51 am
Hi Harris,
I’d think so. I guess my opinion would be different if you told me that you were emailing medical records or financial records - the more sensitive the information, the more protection you might need. It’s really hard to figure out how much less secure a particular GoDaddy SSL might be versus a particular GeoTrust SSL. For my ecommerce clients, I usually recommend GeoTrust, because they’re a large company and credit card numbers are super sensitive. But you’d have to think about the worst case scenario in terms of data from your company getting out, and if the consequences are fairly minor, then maybe GoDaddy is fine.
June 1st, 2009 at 2:20 pm
I found this site while searching for “which SSL cert is the best”. I have used Comodo for a number of years, but my client is brand-agnostic but wants to be like their competitors who have certs from Verisign and Thawte. I think there’s a lot to be said for name recognition.
For example, all the banks and CC companies I use have Verisign on their sites, which likely builds the perception that it’s better than others because XYZ bank uses it. Name recognition affects consumer behavior, and, of course, every cert vendor has some information on their site that talks about how the display of their cert badge on a site improves sales by some percent or whatever. This adds yet another variable to the mix when evaluating vendors.
June 1st, 2009 at 2:24 pm
Hi Demtron,
I agree completely. Recently, DreamHost stopped selling GeoTrust SSL certificates, and when all of my clients come up for renewal, I’ve been advising them to renew with GeoTrust, versus purchasing the DreamHost generic ones. I agree that seeing logos from widely regarded companies such as GeoTrust or Verisign, it does carry with it the perception of safety. I too see Verisign on the various firms I do online business with, and feel good when I recognize the logo. So I do think that using a “well known and trusted” SSL certificate does add some level of implied trust to shoppers - and I’d think that it would be worth the extra cost to a website owner. Completely agree!